I installed minidlna on my (otherwise unmodified) NextcloudPi in order to access movies and music from different media players throughout my house.
In my own NC directory there are folders for Music and one for Movies:
root@NCP:/media/USBdisk/ncdata/sven/files# ls -l
drwxr-xr-x 1 www-data www-data Nov 10 14:19 Movies/
drwxr-xr-x 1 www-data www-data Nov 10 14:20 Music/
So when installing minidlna a user as well as a group by that very name are created. But the user minidlna can not access those directories for scanning and serving out it’s contents. So I had to add it tho the group www-data, which worked. But this will give him potential access to the whole cloud and every DLNA-client in my network would be able to access the directories I set in minidlna.conf. Of course that is the whole point of DLNA and okay for movies and music, but a tiny mistake in this single configuration file would punch a big hole into the security of my whole cloud.
Am I wrong with my fear or is there a better solution for this?
Actually not, usual file in data folder have -rw-r--r-- for files and drwxr-xr-x for directories, so not sure if minidlna will live with it.
Also if minidlna has an access to mount via bind, then it could read your files also directly without it.
If you search in forum for a Strong permissions, then you will see that people that apply it will not be able to share directories with minidlna/plex directly.